tokoko commented on code in PR #3525:
URL: https://github.com/apache/polaris/pull/3525#discussion_r2728674284
##########
polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java:
##########
@@ -103,17 +103,15 @@ public StorageAccessConfig getSubscopedCreds(
String roleSessionName =
includePrincipalNameInSubscopedCredential
- ? "polaris-" + polarisPrincipal.getName()
+ ? AwsRoleSessionNameSanitizer.sanitize("polaris-" +
polarisPrincipal.getName())
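Review bot: Two principals can end up with the same role session name after the change on the `+` line, because `AwsRoleSessionNameSanitizer.sanitize(...)` is applied to the whole `"polaris-" + polarisPrincipal.getName()` string and names that differ only in characters the sanitizer rewrites or drops would map to one value. The role session name is what appears in the assumed-role ARN and in AWS audit records, so this affects attribution of storage access to a principal. Please document next to this call, or on the sanitizer, which replacement and length rules apply (the length rule has to account for the `polaris-` prefix) and whether collisions are acceptable. A test would help, covering one principal name with disallowed characters and one that exceeds the session-name length limit once prefixed.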
Review Comment:
For our use case, we're using both S3 and MinIO, so erring on the side of S3
restrictions sounds good. For the general case, assuming S3 restrictions makes
sense for me as well, otherwise we'd have to either 1) try a call w/o
sanitization and fall back on sanitization or 2) try coding restrictions for
each system. Neither seems like a good choice.